Secure Requirement Checklist and Secure Coding Checklist Approach on Secure Software Development Lifecycle
DOI: https://doi.org/10.21512/emacsjournal.v7i2.13429
Keywords: Cyber Security, Secure Software Development, Software Engineering, Systematic Literature Review
Abstract
Rapid digital transformation has taken place in governments and organizations around the world, but this rapid transformation has not been matched by security protection of the digital infrastructure and the applications built on it. For example, in Indonesia one of the largest banks was unable to operate its online and physical services for three consecutive days because of a cyber-attack, and many international organizations have experienced the same outcome or worse, including bankruptcy. Because of this phenomenon, the authors focus on two phases of the Secure Software Development Lifecycle (S-SDLC), namely requirement and coding, since these are the phases in which security vulnerabilities are most likely to be produced. In this study the authors compose an 18-item Secure Requirement Checklist (SREC) and a 72-item Secure Coding Checklist (SCOC), based on the Secure Requirement Practices of a previous research study and on a translation of the international standard of Open Secure Coding Practice (OSCP).
License
Copyright (c) 2025 Anderies Anderies, Ika Dyah Agustia Rachmawati, Kenny Jingga, Calvin Linardy Candra

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
a. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License - Share Alike that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
b. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
c. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
USER RIGHTS
All articles published Open Access will be immediately and permanently free for everyone to read and download. We are continuously working with our author communities to select the best choice of license options, currently being defined for this journal as follows: Creative Commons Attribution-Share Alike (CC BY-SA)